<?php 
// The page is served as UTF-8 HTML; the header must be sent before any output.
header("Content-type: text/html;charset=utf-8");
// Directory of this script, with a trailing slash, used to locate common.php.
define('current_dir', dirname(__FILE__) . '/');
// At file scope this statement only matters if the script is included from inside a function.
global $_GLOBAL;
include_once current_dir . 'common.php';

// ---- Device gate ----------------------------------------------------
// Mobile_Detect classifies the client from request headers the client controls,
// so this check is a presentation choice and must not be relied on as an access control.
include_once "Mobile_Detect.php";
$detect = new Mobile_Detect();

if (!$detect->isMobile()) {
    // Non-mobile clients get a one-line notice and nothing else.
    exit("请用手机访问。");
}
//=====================================
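$c = new common();
// 'P' presumably selects POST as the input source; confirm against common::accept().
$action = $c->accept('action', 'P');
if ($action == "mobile") {  // salesperson login form was submitted
	$username  = $c->accept('username', 'P');
	$password  = $c->accept('password', 'P');
	$regmember = $c->accept('regmember', 'P');
	// $err stays 1 while no validation has failed; negative values are error codes
	// that the form below passes to $c->message().
	$err = 1;
	if ($username == "") {
		$err = -1;
	} else if (!preg_match("/^[^!~`\'\"#\$\%\^&\*\(\)\+\-\{\}\[\]\|\\/\?\<\>\,\:\;]{2,60}$/i", $username)
		|| strpos($username, '\\') !== false) {
		// The character class above does not list the backslash. It is refused here as well,
		// because $username is placed inside quoted SQL literals further down.
		$err = -2;
	}
	if ($password == "") {
		$err = -3;
	}
	$c->init();
	if ($err == 1) {
		// NOTE(review): stored passwords are compared as unsalted MD5. Moving to
		// password_hash()/password_verify() needs a migration of the stored values and
		// cannot be done in this block alone.
		$password2 = md5($password);
		$db_table = db_prefix . "member";
		// Read the remember-me cookie without raising a notice when the browser did not send it.
		$rememberCookie = isset($_COOKIE['ydb_moble_username']) ? $_COOKIE['ydb_moble_username'] : null;
		// Presumably decrypts the cookie with the site key db_pscode; a truthy result switches
		// the check from the password hash to the remember-me token (pwkey).
		$arrpw = $c->eccode($rememberCookie, 'DECODE', db_pscode);

		// NOTE(review): the statements below are built by string concatenation. If the database
		// wrapper offers bound parameters, use them; whether accept() escapes its return value
		// is not visible in this file.
		$rsMember = false;
		$db_where = null;
		if ($arrpw) {
			// Tokens are only ever issued as 8-digit numbers (see the generator below), so any
			// other value cannot be a valid token and is never placed into the query.
			if (preg_match('/^[0-9]{8}\z/', $password)) {
				$db_where = "(username='$username' || email='$username') AND pwkey='$password'";
			}
		} else {
			// $password2 is a hex digest, so only $username carries request data here.
			$db_where = "(username='$username' || email='$username') AND password='$password2'";
		}
		if ($db_where !== null) {
			$db_sql = "SELECT * FROM $db_table WHERE $db_where";
			$rsMember = $_GLOBAL['db']->fetch_first($db_sql);
		}

		if ($rsMember) {
			if ($rsMember['mcid'] != 99) {
				// Only accounts with mcid 99 may use this login.
				$err = -4;
			} else {
				// NOTE(review): $ipadd is written unquoted; this relies on common::ip()
				// returning a numeric value. Confirm.
				$ipadd = $c->ip($_SERVER['REMOTE_ADDR']);
				$addtime = time();
				$db_set = "lasttime=$addtime,lastip=$ipadd,visitcount=visitcount+1";
				$_GLOBAL['db']->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
				// Session cookie: encoded "username|userid".
				$c->setcookie('ydb_mobile_userinfo', $c->eccode($rsMember['username'] . "|" . $rsMember['userid'], 'ENCODE', db_pscode));
				if ($regmember == "true") {
					// The token is accepted in place of the password, so it must not be predictable:
					// use the CSPRNG when the runtime provides one.
					// NOTE(review): an 8-digit token is short for a credential; a longer random value
					// stored hashed, plus attempt limiting on this endpoint, would be stronger.
					$pwkey = function_exists('random_int')
						? random_int(10000000, 99999999)
						: mt_rand(10000000, 99999999);
					$db_set = "pwkey=$pwkey";
					$_GLOBAL['db']->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
					// 604800 is presumably a lifetime in seconds (7 days); confirm against common::setcookie().
					$c->setcookie('ydb_moble_username', $c->eccode($rsMember['username'] . "|" . $pwkey, 'ENCODE', db_pscode), 604800);
				} else {
					$c->setcookie('ydb_moble_username', false);
				}
				header('Location: guestreg.php');
				// Stop here so the login form is not rendered and sent along with the redirect.
				exit;
			}
		} else {
			// Failed login: drop a remember-me cookie that decoded successfully, so the next
			// attempt is checked against the password instead of the token.
			if ($arrpw) {
				$c->setcookie('ydb_moble_username', false);
			}
			$err = -5;
		}
	}
}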
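// State for pre-filling the login form from the remember-me cookie.
// $arr holds the decoded cookie fields, split on "|"; $chk controls the "remember" checkbox.
$arr = array();
$chk = false;
// Avoid an undefined-index notice on a first visit, when the cookie does not exist yet.
$rememberCookie = isset($_COOKIE['ydb_moble_username']) ? $_COOKIE['ydb_moble_username'] : null;
// Presumably decrypts with the site key db_pscode and yields a falsy value on failure; confirm against common::eccode().
$arrpw = $c->eccode($rememberCookie, 'DECODE', db_pscode);
if ($arrpw) {
	$chk = true;
	$arr = explode("|", $arrpw);
}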
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>业务员登录</title>
<link type="text/css" rel="stylesheet" href="mobile.css" />
</head>
<body>
<div class="mobile">
	<div class="t">业务员登录</div>
	<form name="mainform" method="post" action="index.php">
    <dl>
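    	<?php /* $arr comes from the decoded remember-me cookie and may be empty; values are escaped for the attribute context. NOTE(review): $arr[1] is the remember-me token and ends up readable in the page source; confirm that is intended. */ ?>
    	<dd><label>业务员：</label><input type="text" id="username" class="u" size="20" name="username" value="<?php echo isset($arr[0]) ? htmlspecialchars($arr[0], ENT_QUOTES, 'UTF-8') : '';?>" /></dd>
        <dd><label>　密码：</label><input type="password" id="password" class="u" size="20" name="password" value="<?php echo isset($arr[1]) ? htmlspecialchars($arr[1], ENT_QUOTES, 'UTF-8') : '';?>" /></dd>
        <dd class="text"><?php /* $err is only set once a login was submitted */ echo $c->message(isset($err) ? $err : null);?></dd>
        <dd class="slogin"><input type="hidden" id="action" name="action" value="mobile" /><input name="submit" type="submit" class="buttonface" value="登录"/><input type="checkbox" id="regmember" name="regmember"<?php if ($chk) { echo " checked='checked'"; } ?> value="true" />记住账号</dd>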
    	<dd class="slogin"><a href="lostpasswd.php">忘记密码？</a></dd>
    </dl>
    </form>
</div>
</body>
</html>